Debian Bug report logs -
#497878
wireshark: several security issues
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Fri, 5 Sep 2008 03:36:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions wireshark/1.0.3-1, wireshark/1.0.2-3+lenny1
Done: Joost Yervante Damad <andete@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#497878; Package wireshark.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wireshark
Severity: grave
Tags: security
Justification: user security hole
Hi,
The following CVE ids have been issued against wireshark.
Name: CVE-2008-3146
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
Reference: SUSE:SUSE-SR:2008:017
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Reference: CONFIRM:http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly
Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
crafted NCP packet that causes an invalid pointer to be used.
======================================================
Name: CVE-2008-3932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
Reference: CONFIRM:http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to
cause a denial of service (hang) via a crafted NCP packet that
triggers an infinite loop.
======================================================
Name: CVE-2008-3933
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
Reference: MISC:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2682
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2649
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers
to cause a denial of service (crash) via a packet with crafted
zlib-compressed data that triggers an invalid read in the
tvb_uncompress function.
======================================================
Name: CVE-2008-3934
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6
through 1.0.2 allows attackers to cause a denial of service (crash)
via a crafted Tektronix .rf5 file.
Please mention the CVE ids in your changelog entry, when you fix these issues.
Cheers
Steffen
Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#497878; Package wireshark.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #10 received at 497878@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 497878 patch
thanks
Hi
This one is for the CVE-2008-3933:
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/tvbuff.c?r1=25498&r2=25677&pathrev=25677
These ones should address CVE-2008-3146 and CVE-2008-3932.
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=24522&r2=25600&pathrev=25600
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25683&r2=25807&pathrev=25807
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25807&r2=25892&pathrev=25892
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25911&r2=25913&pathrev=25913
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25913&r2=25914&pathrev=25914
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=26012&r2=26011&pathrev=26012
Upstream also mentioned these ones, but I guess they can be omitted.
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-btrfcomm.c?r1=25682&r2=25681&pathrev=25682
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25682&r2=25681&pathrev=25682
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25683&r2=25682&pathrev=25683
http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-ncp2222.inc?r1=25911&r2=25910&pathrev=25911
Upstream has been asked about CVE-2008-3934, but no answer has been received
yet.
Please feel free to review these patches and see if they can be integrated
into the debian versions.
Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]
Tags added: patch
Request was from Steffen Joeris <steffen.joeris@skolelinux.de>
to control@bugs.debian.org.
(Sat, 06 Sep 2008 07:24:05 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#497878; Package wireshark.
(full text, mbox, link).
Acknowledgement sent to Joost Yervante Damad <joost@damad.be>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #17 received at 497878@bugs.debian.org (full text, mbox, reply):
>
> Please feel free to review these patches and see if they can be integrated
> into the debian versions.
Thanks Steffen,
I was on holiday, but failed to make that known, sorry for that.
I'm working on 1.0.3 right now.
Joost
--
homepage: http://damad.be/joost
photo/blog: http://damad.be/joost/blog
Reply sent to Joost Yervante Damad <andete@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #22 received at 497878-close@bugs.debian.org (full text, mbox, reply):
Source: wireshark
Source-Version: 1.0.3-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
tshark_1.0.3-1_i386.deb
to pool/main/w/wireshark/tshark_1.0.3-1_i386.deb
wireshark-common_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark-common_1.0.3-1_i386.deb
wireshark-dev_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark-dev_1.0.3-1_i386.deb
wireshark_1.0.3-1.diff.gz
to pool/main/w/wireshark/wireshark_1.0.3-1.diff.gz
wireshark_1.0.3-1.dsc
to pool/main/w/wireshark/wireshark_1.0.3-1.dsc
wireshark_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark_1.0.3-1_i386.deb
wireshark_1.0.3.orig.tar.gz
to pool/main/w/wireshark/wireshark_1.0.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 497878@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joost Yervante Damad <andete@debian.org> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 12 Sep 2008 15:05:58 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev
Architecture: source i386
Version: 1.0.3-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Joost Yervante Damad <andete@debian.org>
Description:
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 496768 497878
Changes:
wireshark (1.0.3-1) unstable; urgency=high
.
* New upstream release 1.0.3 (Closes: #497878)
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.3.html
- security fixes:
- The NCP dissector was susceptible to a number of problems,
including buffer overflows and an infinite loop
(CVE-2008-3146, CVE-2008-3932)
- Wireshark could crash while uncompressing zlib-compressed
packet data (CVE-2008-3933)
- Wireshark could crash while reading a Tektronix .rf5 file
(CVE-2008-3934)
- other fixes:
- Following a TCP stream could incorrectly reassemble packets
(Closes: #496768)
Checksums-Sha1:
e827500609cb31167684ee30565603cf86af1bf4 1470 wireshark_1.0.3-1.dsc
160c8be5700aa045d85c07ab52bf8089c21bef2d 16782097 wireshark_1.0.3.orig.tar.gz
796cd9b5eb0fe13c5c7d61ec3cc78dcd53f48865 47966 wireshark_1.0.3-1.diff.gz
4069adcf9ebae2a627c65b8c9f3f05a81cf2c98d 10124450 wireshark-common_1.0.3-1_i386.deb
bcee2c8296e0f63d0d1872b49109ac4ac631a05b 619504 wireshark_1.0.3-1_i386.deb
6bc5d436e06143496a16b3dae72f00c961da491e 112054 tshark_1.0.3-1_i386.deb
60ddbed00cfa85f93ebf8f5ab8d49e79e728a77f 570440 wireshark-dev_1.0.3-1_i386.deb
Checksums-Sha256:
24b3273a0553424fa70d43163d869f8ce9c6beb245b8ed11131314386ad443bb 1470 wireshark_1.0.3-1.dsc
640bf50f7c05b627cfd86e78d8742050fc023c0c2931f14324d4b103cdde1ced 16782097 wireshark_1.0.3.orig.tar.gz
724389ea520ebae7b438d0dd337558c5951b3d6d7f971427ef711cfe74f2bbfe 47966 wireshark_1.0.3-1.diff.gz
cb041912d1afa7277e043b5d0abff23b1610bba32425208dbcb6bb6fd0bdd3e1 10124450 wireshark-common_1.0.3-1_i386.deb
cea07776221b1fb9c657d177424a24ab843cd98829c8436b433dd05da2a2839d 619504 wireshark_1.0.3-1_i386.deb
e765ec5a7d0f0d4a7822abe06051743307408266a1b3467b0ffec1470a6147c9 112054 tshark_1.0.3-1_i386.deb
22dbc1fe28c0d616e894a42bfacf282940898cbc19b57fd038e2d5aaaaf057fd 570440 wireshark-dev_1.0.3-1_i386.deb
Files:
afbf7901ef1ae29d44db50999c78fa0c 1470 net optional wireshark_1.0.3-1.dsc
ca48718f71d9bc1838fb44da872c1d14 16782097 net optional wireshark_1.0.3.orig.tar.gz
6518ab8608d6f55341f55f32b0bdc56a 47966 net optional wireshark_1.0.3-1.diff.gz
40dd1e57d732a68ce17101c6384154ab 10124450 net optional wireshark-common_1.0.3-1_i386.deb
f043dda7e5e299e6482ea5e7eb496c15 619504 net optional wireshark_1.0.3-1_i386.deb
d17de9e913197829c0de28def28ded06 112054 net optional tshark_1.0.3-1_i386.deb
2bbd083957aaca696723c2f4f1ceff8b 570440 devel optional wireshark-dev_1.0.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjKd/gACgkQ0/r2+3z8lN0/GgCfRFVh+TiUaPcwnIPVq5+QEFhC
YgUAn1cBH1mgGXt5HmpNDTG6C4wHhAhm
=R7HL
-----END PGP SIGNATURE-----
Bug marked as fixed in version 1.0.2-3+lenny1.
Request was from Joost Yervante Damad <andete@debian.org>
to control@bugs.debian.org.
(Sun, 28 Sep 2008 09:57:12 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 27 Oct 2008 07:29:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:41:38 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon